What certifications are you working on?
Darren Gibson book and Professor YouTube videos.
The single most important thing to have in cybersecurity is curiosity. Not just "hey, that looks kinda interesting," but the kind of intellectual devouring, aching hunger that never stops. If you get into cybersecurity in a serious way, you are signing up for constant learning, most of it self-directed and on your own time.
If you have that, get a Raspberry Pi, install Raspbian on it and start playing with various tools, learn how they work and what their output means, and you will be on your way. Start with Nmap; it's a classic that has been useful for decades and there's enough to play with (check out the NSE scripts that come with it) to keep you busy for a week. Just don't go portscanning outside organizations or your ISP may want to have a word with you :)
Learn the lingo with the Security+
Build a Windows lab and then secure it
While we don't secure servers, the principles and the lessons you will learn are great
Then do the same on AWS with AWS-native security tools
Building a lab is the best advice. Throw a burner if you need help. You can grab some old laptops and build out basic infrastructure. You have to understand what role Active Directory and domain controllers play in the environment. What are group policies and organizational units. What is a firewall and its basic functionality. How packets traverse. What's the difference of router vs switch. Mostly Security+.
Then you can go down the Nmap route if you do choose
Reddit has a good homelab sub
That we do
Then get creative...build a custom polymorphic piece of malware that bypasses anti-virus products and opens a backdoor into something fun. Do this on your home lab
Following
I am going to second building a lab and learning to secure it. Check out CIS Critical Security Controls, and CIS Benchmarks for guidance. Think about how the principles would scale to a large organization.
Link 1 - https://www.quora.com/How-do-I-become-a-security-expert-starting-from-the-ground-zero/answer/Dawid-Ba%C5%82ut?share=e728f2bd&srid=oOaz
Here’s a little more practical stuff - https://www.quora.com/How-do-I-start-a-career-in-Cyber-Security/answer/Nipun-Gupta-21?share=8c3e8565&srid=oOaz
I’d echo M1. Curiosity is key.
I’d add it’s important to understand “how it’s supposed to work.” You don’t need to become an expert on networking as an example, but you should understand the details of common protocols and how it fits in the OSI stack. The same could be said for endpoints (OS, and hardware) and applications. From there, curiosity helps to drive the “what if” and how can I break it thought process.
Good starting points include Sec+, but also content for CCNA/CCNP, Microsoft, and Linux. SANS offers good hands-on training as well. Well structured with a good mix of theory and application.
If you build an app and just open a certain port, what kinda questions do you ask? I'm that's the mundane shit about cyber.
😂
Hackerone??